A Singapore eye clinic was hit with a ransomware cyberattack in early August, compromising the data of nearly 75,000 patients. The Eye & Retina Surgeons (ERS) clinic suffered the attack on August 6, but the story didn’t make news until much more recently, when the clinic published a press release on August 25.
While the damage in this particular incident was minimal, with ERS maintaining segregated networks, it should sound alarm bells to other eye clinics — or clinics of any sort. Cybersecurity is often one of the last things on a doctor’s mind, but in this era of cloud computing and data storage, data security is a must.
Cyberattacks are becoming more and more common, and can no longer be considered simply a black swan event for medical institutions. Let’s take a look at this specific incident, and how it relates to a broader trend.
The Current Situation
As of now, ERS has restored its IT services and, to our knowledge, has not paid any ransom to the hackers. The hackers remain at large — no one even knows what country they’re from.
The damage was compartmentalized, as none of the clinic’s processes were affected. Patients of the clinic have been informed of the data breach, as have Singapore police, and Singapore’s cyber-SWAT team: the Singapore Computer Emergency Response Team (SingCERT).
While the data breach included patients’ names, addresses, identity card numbers, contact details, and clinical information, it mercifully did not include patients’ credit card or other bank information.
The odds of catching the hackers appear low, as any hacker worth their salt will be able to minimize their data trail. There have been two other ransomware attacks that surfaced in Singapore just this past week, including an attack on Tokio Marine Insurance Singapore.
Increasingly Sophisticated Cyberattacks
Anyone who’s been paying attention to the news would have heard of the massive ransomware attack on the Colonial Pipeline in the U.S. That the nation’s largest pipeline was subject to ransomware and the company in charge paid the ransom only demonstrates that ransomware is a viable business model for hackers.
As such, businesses of all types should take note. Clinics, hospitals and other medical institutions pose a significant risk of data breach because of all the sensitive personal information they collect on patients.
Indeed, healthcare institutions have been disproportionately affected by cyberattacks. The 2020 HIMSS report noted that 70% of hospitals surveyed said they’d had a significant security event in the previous 12 months. Of those, 25% of the attacks resulted in a disruption of business functions and 20% of the attacks resulted in financial losses.
We can reasonably speculate that these attacks will continue and may become more frequent. Singapore’s three attacks in a week are certainly an indication of a growing trend. Ransomware attack reports have skyrocketed since around the beginning of 2020.
No clinic can ignore this trend. Data must be secured. Savvy patients will be very dubious about doing business with a clinic that’s been hit by data breaches, and with good reason. Savvy clinics will get on top of their data security as quickly as possible to prevent data breaches.
How Can Clinics Bolster their Cybersecurity?
We at Media MICE are unfortunately not cybersecurity experts. Some of us can barely remember the keycodes to our own locks at times, much less keep sophisticated hackers out of medical systems.
However, we can direct you to people who are security experts. This piece from the Brookings Institution makes a good case for healthcare institutions to beef up their security. The HIPAA Journal provides up-to-date news on healthcare cybersecurity. The American Medical Association (AMA) also has a page dedicated to the topic. Whatever the case, we can be sure that cybersecurity will only be a growing concern for all industries — not just the medical sector.